Skills
skills/abuzerasr/intel-asrai-skill/intel-asrai/Snyk

intel-asrai

Fail

Audited by Snyk on Mar 8, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt includes examples that embed a private key directly in URLs and config (e.g., ?key=0x<your_private_key>, INTEL_PRIVATE_KEY="0x<your_private_key>") and therefore encourages including secret values verbatim in commands/configuration, creating a high exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). High risk — the GitHub/npm links point to third‑party code and the intel-mcp.asrai.me endpoints are an unfamiliar domain that the skill explicitly instructs you to embed or export your private key and/or run code via npx, a pattern that can lead to remote code execution and exfiltration of wallet keys and funds.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill explicitly asks users to supply their wallet private key (even via URL query strings) to external endpoints and to run a third‑party npm package, creating a direct avenue for credential theft and supply‑chain backdoors that can sign transactions and drain funds — high malicious potential.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's intel_search tool explicitly fetches and synthesizes content from open web/academic/discussions (see SKILL.md tool parameters and references/endpoints.md "sources" with "web" and "discussions"), so the agent will read and act on untrusted third‑party content that could contain indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill calls the remote MCP endpoint https://intel-mcp.asrai.me/mcp?key=0x<your_private_key> at runtime (and can invoke the runtime package intel-asrai-mcp via npx / https://www.npmjs.com/package/intel-asrai-mcp), which the agent relies on to fetch synthesized messages and/or execute remote package code that directly determines the agent's outputs and behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly performs on-chain micropayments: each search "costs $0.005 USDC" on Base, it requires the user's private key (INTEL_PRIVATE_KEY or key=0x<your_private_key> in the MCP URL) and states "Payments are signed by the user's own wallet." This is a specific crypto payment integration (USDC on Base) that will sign and send transactions from the user's wallet, i.e., it can move funds. This meets the criteria for direct financial execution.
Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 8, 2026, 11:16 AM